Date: Fri, 20 Nov 2015 12:10:57 -0500
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: seccomp filters without PR_SET_NO_NEW_PRIVS

On 20/11/15 12:00 PM, Florian Weimer wrote:
> Is there a way on current Linux kernels to install a seccomp filter
> which is reset on execve and therefore does not require
> PR_SET_NO_NEW_PRIVS for security reasons? (The filter could restrict to
> execve if necessary.)

No, there's only the ability to do it with CAP_SYS_ADMIN without
PR_SET_NO_NEW_PRIVS.